On Mon 25/Jul/2022 12:56:02 +0200 Douglas Foster wrote:
We had a discussion about domains that need to set both PSD=Y and
PSD=N. It highlighted one of the problems with using a tag which
implies mutual exclusivity when exclusivity does not apply.
The stated solution was that when PSD=Y is found on the same-domain
policy, then PSD=N is also assumed, which implies that strict
alignment is also applied. This seemed like a reasonable solution.
However, I cannot find any reference to this principle in the
specification. What happened?
To impose strict alignment to PSDs which send mail was hypothesized in
March. Afterwards, the algorithm was changed by disregarding psd=y at
step 2; that is, on the domain input to the algorithm. Therefore, a
sending (or signing) PSD operates as part of its org domain.
In an example I posted, I showed that mail.psd.org.example cannot work
to authenticate From: [email protected]. However, a sibling like
signing.org.example would be in relaxed alignment.
I still think an example like this is clarifying, albeit unreal.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
